As Businesses Improve Their Cybersecurity, Ransomware Payments and Attacks Plummet in 2022
Ransomware payments were down 40% in 2022. According to Chainalysis, a blockchain data platform, ransomware payments declined from an all-time high of $766 million in 2021 to $457 million in 2022.
Similarly, Delina, a Privileged Access Management provider, stated in their 2022 State of Ransomware Report that ransomware attacks in 2022 were down 61% from 2021.
But while the numbers are encouraging, this is no time to lower your business’ defenses or put off having a robust cyber protection plan.
Why the reduction in ransomware payments?
The main reason for the reduction in payments is that more and more businesses are refusing to become victims of extortion. Certainly, the years of businesses increasing their cyber hygiene and defenses make this decision easier than in years past. As business strategies involve using ever more sophisticated backups and recovery tools to thwart the effects of ransomware, well-prepared companies can recover much more quickly and reduce the costs of a ransomware attack. Likewise, as encryption and anonymization become more prevalent, this unusable data that is obtained by cybercriminals is virtually worthless.
Another factor may be that the U.S. Department of Treasury’s Office of Foreign Assets is adding more cybercriminal organizations to its sanctions list. A business that pays ransomware to a prohibited organization could face severe penalties, including millions of dollars in fines.
Why the reduction in ransomware attacks?
Certainly, one reason is the greater effectiveness of endpoint protection and other security tools that prevent cyberattacks and provide early detection of cyber intruders. Another factor is the demise of the Conti ransomware group. At its height, Conti was one of the largest ransomware groups in the world. However, after publicly supporting Russia in the Russia-Ukraine war, a Conti insider who disagreed with this stance published tens of thousands of pages of their day-to-day operations. This disclosure included their ransomware code. Ransomware payments to the organization collapsed in a matter of months after Conti announced it openly supported Russia in the war.
While payments and attacks declined in 2022, there is no guarantee that this trend will continue in 2023. Businesses should remain vigilant. Cybercriminals will continue to attempt to circumvent our most sophisticated defense tools, and even if one major cybercriminal organization met its demise, it could reinvent itself, or its members could simply move on to other cybercriminal groups. Having strong protections in place is still critical for businesses to prevent cyberattacks, or if they do happen, to recover with as little loss and cost as possible.
Please contact Walt Green or any member of Phelps’ Cybersecurity, Privacy and Data Protection team if you have questions or need advice or guidance.